<?php
function showData($name,$email,$website,$comment,$gender){
    echo "<h2>Your Input:</h2>";
    echo "Name: <b>".$name."</b>";
    echo "<br>";
    echo "Email: <b>".$email."</b>";
    echo "<br>";
    echo "Website: <b>".$website."</b>";
    echo "<br>";
    echo "Comment: <b>".$comment."</b>";
    echo "<br>";
    echo "Gender: <b>".$gender."</b>";
}

function test_input($data){
    $data = trim($data);
    $data=stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
//define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
$nameErr = $emailErr = $genderErr = $commentErr = $websiteErr = "";
if($_SERVER["REQUEST_METHOD"] == "POST"){
    $name = test_input($_POST["name"]);
    $email = test_input($_POST["email"]);
    $website = test_input($_POST["website"]);
    $comment = test_input($_POST["comment"]);
    $gender = test_input($_POST["gender"]);
    if(empty($name)){
        $nameErr="Name is required";
    }else if(!preg_match("/^[a-zA-Z ]*$/",$name)){
        $nameErr = "Only letters and white space allowed";
    }

    if(empty($email)){
        $emailErr="Email is required";
    }else if(!filter_var($email,FILTER_VALIDATE_EMAIL)){
        $emailErr = "Invalid email format";
    }
    if(empty($website)==false && !preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website))
    {
        $websiteErr = "Invalid URL";
    }

    if(empty($gender)){
        $genderErr="Gender is required";
    }
}
?>

<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>PHP Form Validation</title>
    <style>
        .error {color: #FF0000;}
    </style>
</head>
<body>
<h1>PHP Form Validation</h1>
<div>
    <h3>PHP Form Validation</h3>
    <!--What is the htmlspecialchars() function?

    The htmlspecialchars() function converts special characters to HTML entities.
    This means that it will replace HTML characters like < and > with &lt; and &gt;.
    This prevents attackers from exploiting the code by injecting HTML or Javascript code
    (Cross-site Scripting attacks) in forms.-->
    <form method="post" action="<?php echo(htmlspecialchars($_SERVER['PHP_SELF']));?>">
        Name: <input type="text" name="name" value="<?php echo $name;?>">
        <span class="error">* <?php echo $nameErr;?></span>
        <br/><br/>
        E-mail: <input type="text" name="email" value="<?php echo $email;?>">
        <span class="error">* <?php echo $emailErr;?></span>
        <br><br>
        Website: <input type="text" name="website" value="<?php echo $website;?>">
        <span class="error"><?php echo $websiteErr;?></span>
        <br><br>
        Comment: <textarea name="comment" rows="5" cols="40"><?php echo $comment;?></textarea>
        <br><br>
        Gender:
        <input type="hidden" name="gender" value="">
        <input type="radio" name="gender" value="female" <?php if (isset($gender) && $gender=="female") echo "checked";?>>Female
        <input type="radio" name="gender" value="male" <?php if (isset($gender) && $gender=="male") echo "checked";?>>Male
        <span class="error">* <?php echo $genderErr;?></span>
        <br><br>
        <input type="submit" name="submit" value="Submit">
    </form>
    <?php


    showData($name,$email,$website,$comment,$gender);

    ?>
</div>
</body>
</html>